Upload
acerking
View
218
Download
4
Embed Size (px)
DESCRIPTION
Spec Shet
Citation preview
Radware DefensePro IPS & Behavioral protection: Specification Sheet
Page 1
DefensePro IPS and Behavioral Protection
Technical Product Information
Product Models
DefensePro x412 Series
Designed for large data centers protection deployed by large enterprises, eCommerce and service providers Models:
DefensePro 12412 (up to 12Gbps)
DefensePro 8412 (up to 8Gbps)
DefensePro 4412 (up to 4Gbps)
Upgrade options are available from model 4412 and up to 12412 DefensePro x016 Series
Designed for medium sized data centers protection deployed by large enterprises, eCommerce and service providers Models:
DefensePro 3016 (up to 3Gbps)
DefensePro 2016 (up to 2Gbps)
DefensePro 1016 (up to 1Gbps)
Upgrade options are available from model 1016 and up to 3016 DefensePro x06 Series
Designed for small to medium sized data centers protection and Internet Gateway Models:
DefensePro 2006 (up to 2Gbps)
DefensePro 1006 (up to 1Gbps)
DefensePro 506 (up to 500Mbps)
Upgrade options are available from model 506 and up to 2006
Radware DefensePro IPS & Behavioral protection: Specification Sheet
Page 2
Product Features
Feature Protections
Network Wide Protections
Behavioral DoS Protect against known and zero-minute DoS/DDoS flood attacks that misuse network bandwidth resources including: TCP Floods, UDP floods, ICMP floods, IGMP floods and fragmented attacks.
DNS Protection Protect DNS critical infrastructure against flood attack that misuse DNS server resources.
Malware Propagation Prevention and Anti Scanning
Prevent zero-minute malware spread by already infected hosts.
Prevents network pre-attack probes (Reconnaissance) including horizontal and vertical TCP & UDP scanning, stealth scanning and ping sweeps.
RSA FraudAction feeds
Real-time Anti-Trojan and Anti-Phishing service, targeted to fight against financial fraud, information theft and malware spread. Based on real-time reputation feeds from RSA Anti Fraud Command Center (AFCC).
Server Protections
SYN Protection Protect against any type of SYN flood attacks using advanced SYN authentication mechanisms
HTTP flood protection Protect against HTTP page flood attacks that misuse web server resources.
Server-Cracking Protection
Block brute force and dictionary attacks targeting to defeat server authentication schemes including Mail servers (SMTP, POP3, IMAP), FTP servers, SIP servers, MS-SQL and MYSQL servers.
Web sites application vulnerability scanning and hacking protection.
SIP Invite and Bye floods prevention.
Connection Limit Defend against connection based attacks such as half open SYN attacks, request attacks and full session attacks.
Vulnerability-based protections
Signature Protections Protects against known application vulnerabilities and common malware including:
Web application protection, Mail servers protection, FTP servers protection, DNS Vulnerabilities, SIP vulnerabilities, SNMP Vulnerabilities, Microsoft vulnerabilities, Worms and Viruses, Backdoors and Trojans, Cross-Site Scripting, SQL Injections, Spyware, LAN Protocol and Services Protection (RPC, NetBIOS, Telnet etc.), Generic Payloads (Remote Execution, Shellcodes).
Security updates service (SUS) - weekly updates and emergency updates.
User-defined Attack Signatures.
Stateful Inspection RFC compliance and state machine verification for various protocols including TCP, ICMP, DNS, HTTPS, SMTP, IMAP, POP3, FTP, SSH.
Stateful Operation TCP Stream Reassembly, IP Defragmentation.
SSL Attack Prevention Available for DefensePro series X16 and X412 in conjunction with AppXcel.
Bandwidth Management and Access Control
Bandwidth Management
Guarantee bandwidth per application (granular, per user or session basis).
Limit bandwidth per application.
Limit P2P protocol traffic per session.
Access Control Access Lists per IP address & protocol; Black/White Lists per IP address per feature.
Supported protocols More than 100 protocols are supported including TCP, ICMP, DNS, HTTP, HTTPS, SMTP, IMAP, POP3, FTP, Telnet, SSH, SIP, Skinny (SCCP), H.223, RTP, SNMP, MySQL, MS-SQL (TDS) and LAN-centric protocols (RPC, NetBIOS) etc. Additional protocols can be defined by the user.
Management
Alerting SNMP V1, 2C &3, Log File, Syslog, E-mail.
Forensics Attack Packet Logging, In-depth Attack Footprint Analysis, Attack Details and Statistics.
Configuration SNMP V1, 2C, 3, HTTP, HTTPS, SSH, Telnet, SOAP API, Console (user selectable).
Time Synchronization Network Time protocol (NTP)
Export Real-Time Signature information
Northbound XML interface exporting behavioral parameters such as:
Normal traffic patterns.
Attacks real-time signatures of ongoing DoS/DDoS attacks and malware propagation and anti scanning.
Radware DefensePro IPS & Behavioral protection: Specification Sheet
Page 3
Product Specifications
DefensePro Model 506 IPS & Behavioral Protection
1006 IPS & Behavioral Protection
2006 IPS & Behavioral Protection
1016 IPS & Behavioral Protection
2016 IPS & Behavioral Protection
3016 IPS & Behavioral Protection
4412 IPS & Behavioral Protection
8412 IPS & Behavioral Protection
12412 IPS & Behavioral Protection
Network Location Perimeter Core Network Core Network
Hardware Platform OnDemand Switch VL OnDemand Switch 2S1; Dual PS option is: OnDemand Switch 2S2
On Demand Switch 3S2
Performance1
Capacity2 500Mbps 1GMbps 2Gbps 1Gbps 2Gbps 4Gbps 4Gbps 8Gbps 14Gbps
Throughput3 500Mbps 1GMbps 2Gbps 1Gbps 2Gbps 3.6Gbps 4Gbps 8Gbps 12Gbps
Max Concurrent Sessions
2,000,000 2,000,000 2,000,000 2,000,000 2,000,000 2,000,000 4,000,000 4,000,000 4,000,000
Maximum DDoS Flood Attack Prevention Rate
1,000,000 packets per second
1,000,000 packets per second
1,000,000 packets per second
5,000,000 packets per second
5,000,000 packets per second
5,000,000 packets per second
10,000,000 packets per second
10,000,000 packets per second
10,000,000 packets per second
Latency < 60 micro seconds < 60 micro seconds < 60 micro seconds
Real time signatures
Detect and protect attacks in less than 18 seconds
Detect and protect attacks in less than 18 seconds
Detect and protect attacks in less than 18 seconds
Inspection Ports
10/100/1000 Copper Ethernet
4 4 4 12 12 12 8 8 8
GE (SFP) 2 2 2 4 4 4 4 4 4
10GE (XFP) - - - - - - 4 4 4
Management Ports
10/100/1000 Copper Ethernet
2 2 2 2 2 2 2 2 2
RS-232 1 1 1 1 1 1 1 1 1
Operation Mode Network Operation Transparent L2 Forwarding
Deployment Modes
In-line; SPAN Port Monitoring; Copy Port Monitoring; local out-of-path; Out-of-path mitigation (scrubbing center solution)
Tunneling protocols support
VLAN Tagging, L2TP, MPLS, GRE, GTP
IPv6 Support IPv6 networks and block IPv6 attacks
Policy Action Block & Report, Report Only
Block Actions Drop packet, reset (source, destination, both), suspend (source, src port, destination, dest port or any combination), Challenge-Response for HTTP and DNS attacks
High Availability
Fail-open / fail-close
Internal fail-open/fail-close for copper ports; internal fail-close for SFP ports; optional fail-open for SFP
ports4
Internal fail-open/fail-close for copper ports; internal fail-close for SFP ports;
optional fail-open for SFP ports5
Internal fail-open/fail-close for copper ports; internal fail-close for SFP and XFP ports; optional fail-open for SFP
and XFP ports6
Dual Power No No No Optional Optional Optional Yes – hot Yes – hot Yes – hot
1 Actual performance figures may change per network configuration, traffic type, etc.
2 Capacity is measured as maximum traffic forwarding when no security profiles are configured.
3 Throughput is measured with behavioral IPS protections and signature IPS protections using eCommerce protection
profile. 4 External fiber fail-open switch with SFP ports is available at additional cost. 5 External fiber fail-open switch with SFP ports is available at additional cost. 6 External fiber fail-open switches with SFP or XFP ports are available at additional cost.
Radware DefensePro IPS & Behavioral protection: Specification Sheet
Page 4
Supply swappable swappable swappable
Advanced internal overload mechanism
7
Yes Yes Yes Yes Yes Yes Yes Yes Yes
Active-Passive cluster
Yes Yes Yes Yes Yes Yes Yes Yes Yes
Physical
Dimensions (W x D x H) mm
424x457x44 424x600x44 (1U) Dual PS option: 424x600x88 (2U)
424x600x88
Weight (lb, kg) 15.8, 7.2 20.9, 9.5 Dual PS option is 24.0, 10.9
39.0, 18.0
Power Supply Auto range: 100V-120V/200V-240V AC 47-63Hz or 38-72VDC
Auto range: 100V-120V/200V-240V AC 50-60Hz or 38-72VDC
Auto range: 100V-120V/200V-240V AC 50-60Hz or 38-72VDC
Power Consumption
128W 302W Dual PS option is 312W
476W
Heat Dissipation (BTU/h)
436.5 1029 Dual PS option is 1064
1623
Operating Temperature
0-40C
Humidity (non-condensing)
5% to 95%
Safety Certifications
EN 60950-1:2006, CB - IEC 60950-1, cTUVus
EN, UL, CSA, IEC #60950-1
EMC EN 55022, EN 55024, FCC Part 15B Class A
EN 55022, EN 55024, FCC Part 15B Class A
Other Certifications
CE, FCC, VCCI, CB, TUV, UL/cUL, CCC, C-Tick, RoHS
CE, FCC, VCCI, CB, TUV, UL/cUL, CCC, C-Tick, RoHS
Warranty 1-year hardware and software maintenance
Support Certainty Support Program
Patent protected behavioral analysis technology
Radware DefensePro has been successfully awarded multiple United States patents based on real-time signatures, which protect and secure applications and network traffic. DefensePro technology is protected by the following patents:
Patent No. 7,607,170 “Stateful Attack Protection”
Patent No. 7,617,170 “Generated Anomaly Pattern for HTTP Flood Protection”
Patent No. 7,624,084 “Method for Generating Anomaly Pattern for HTTP Flood Protection”
Patent No. 7,681,235 “Dynamic network protection”
Patent No. 7,836,496 “Dynamic network protection II”
Patent No. 11/869,067 “Automatic Signature Propagation Network”
Patent No. 11/835,503 “Method, system and computer program product for preventing sip attacks”
Specifications subject to change without notice.
7 Overload mechanism is designed to obtain maximum security coverage under extreme traffic loads.